From owner-freebsd-security  Wed Jun 16 12:18:13 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 43B23154F4
	for <security@FreeBSD.ORG>; Wed, 16 Jun 1999 12:18:09 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id NAA51647;
	Wed, 16 Jun 1999 13:18:03 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id NAA01012; Wed, 16 Jun 1999 13:18:03 -0600 (MDT)
Message-Id: <199906161918.NAA01012@harmony.village.org>
To: Barrett Richardson <barrett@phoenix.aye.net>
Subject: Re: some nice advice.... 
Cc: Unknow User <kernel@tdnet.com.br>, security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 16 Jun 1999 05:41:23 EDT."
		<Pine.BSF.4.01.9906160538310.18250-100000@phoenix.aye.net> 
References: <Pine.BSF.4.01.9906160538310.18250-100000@phoenix.aye.net>  
Date: Wed, 16 Jun 1999 13:18:03 -0600
From: Warner Losh <imp@harmony.village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.4.01.9906160538310.18250-100000@phoenix.aye.net>
Barrett Richardson writes: 
: [bpf] can be some risk. If a machine with bpf enabled gets compromised
: the attacker can use it as a network sniffer.

That's the biggest reason that I do not enable it on most of my
machines if I can at all help it.

However, one could argue that if a machine gets compromized, then an
attacker could, on the next reboot, cause arbitrary code to run via
the rc mechanism....  This 'hold' is hard to plug, but is plugable if
you are running with an elevated secure level...

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message